Practice Test 3
Completed on 14-June-2020
  • Attempt
    01
  • Marks Obtained
    0 / 55
  • Your score
    0.0%
  • Time Taken
    00 H 00 M 03 S
  • Result
    Failed
Domains wise Quiz Performance Report
No Domain Total Question Correct Incorrect Unattempted Marked as Review
1 Determine workload requirements 13 0 0 13 0
2 Design a business continuity strategy 3 0 0 3 0
3 Design an infrastructure strategy 21 0 0 21 0
4 Design for deployment, migration, and integration 7 0 0 7 0
5 Design for identity and security 9 0 0 9 0
6 Design a data platform solution 2 0 0 2 0
Total All Domain 55 0 0 55 0
Review the Answers
Question 1

A company has setup a set of Virtual Machines in a network in Azure. They have connected the Virtual Network to their on-premise network using ExpressRoute. There is an issue with an application hosted on the Virtual Machines in the network. A team needs to inspect the packets flowing into the Virtual Machines.

The company decides to use Azure Advisor for the packet analysis

Would this fulfil the requirement?

Explanation:

Answer – B

Azure Advisor is a recommendations-based tool and can’t be used to perform the packet analysis.

For more information on Azure Advisor, please visit the below URL

https://docs.microsoft.com/en-us/azure/advisor/advisor-overview

Ask our Experts
View Queries
Question 2

A company has setup a set of Virtual Machines in a network in Azure. They have connected the Virtual Network to their on-premise network using ExpressRoute. There is an issue with an application hosted on the Virtual Machines in the network. A team needs to inspect the packets flowing into the Virtual Machines.

The company decides to use Azure Traffic Analytics for the packet analysis

Would this fulfil the requirement?

Explanation:

Answer – A

Azure Traffic Analytics is used for traffic monitoring and is the correct solution to this business scenario.

The Microsoft documentation mentions the following

For more information on Traffic Analysis, please visit the below URL

https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics

Ask our Experts
View Queries
Question 3

A company has setup a set of Virtual Machines in a network in Azure. They have connected the Virtual Network to their on-premise network using ExpressRoute. There is an issue with an application hosted on the Virtual Machines in the network. A team needs to inspect the packets flowing into the Virtual Machines.

The company decides to use Azure Traffic Manager for the packet analysis

Would this fulfil the requirement?

Explanation:

Answer – B

Azure Traffic Manager is a DNS based load balancing tool and can’t be used for the purpose of network capture.

For more information on Azure Traffic Manager, please visit the below URL

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview

Ask our Experts
View Queries
Question 4

A company is planning on deploying an Azure Web App to 2 regions.

One of the key requirements is to ensure that the web app is always running if an Azure region fails. You need to ensure deployment costs are minimized.

Which of the following service would you include in the deployment of the solution?

Explanation:

Answer – B

You can use the Azure Traffic Manager to switch traffic over to a failover region. The Microsoft documentation mentions the following on the Azure Traffic Manager

Option A is incorrect since this is a compute service in Azure

Options C and D are incorrect since these services can’t be used in region failover scenarios

For more information on Azure Traffic Manager, please visit the below URL

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview

Ask our Experts
View Queries
Question 5

A company is planning on deploying an Azure Web App to 2 regions.

One of the key requirements is to ensure that the web app is always running if the primary region fails. You need to ensure deployment costs are minimized.

Which of the following feature would be used to ensure failover in the service?

Explanation:

Answer – C

You can change the routing method for the Traffic Manager to the Priority routing method for implementing failover. The Microsoft documentation mentions the following on the routing method.

Options A and D are incorrect since these features are more pertinent to the Application gateway.

Option B is incorrect since the priority routing method needs to be used for the Azure Traffic Manager.

For more information on Azure Traffic Manager routing methods, please visit the below URL

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods

Ask our Experts
View Queries
Question 6

A company currently has an on-premise network with an IP address space of 186.16.0.0/16. The company is going to deploy 20 Virtual machines to Azure. The Virtual machines will be placed in a subnet in an Azure virtual network. The requirement is to ensure the on-premise servers can communicate with the virtual machines hosted in Azure via a site-to-site VPN connection. You have to design the subnet for the virtual network in Azure which will be used to host the virtual machines.

Which of the following address space would you assign for the subnet in the Virtual Network?

Explanation:

Answer – C

The address space for the Virtual Network should not conflict with the address space for the on-premise network. So, in this case the ideal option to choose as the address space is 192.168.0.0/24.  Also, if we look at the question it clearly mentions about having "20 VMs will be deployed in Azure". So taking this into consideration Option C is the correct answer, reason we get 256 IP addresses to work with.

A note on this is also given in the Microsoft documentation

Options A and B are incorrect since these address spaces would conflict with the on-premise address space.

Option D is incorrect since this address space should ideally be used for the gateway subnet

For more information on site-to-site VPN, please visit the below URL

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

Ask our Experts
View Queries
Question 7

A company currently has an on-premise network with an IP address space of 186.16.0.0/16. The company is going to deploy 20 Virtual machines to Azure. The Virtual machines will be placed in a subnet in an Azure virtual network. The requirement is to ensure the on-premise servers can communicate with the virtual machines hosted in Azure via a site-to-site VPN connection. You have to design the subnet for the virtual network in Azure which will be used to host the virtual machines.

Which of the following address space would you assign for the gateway subnet in the Virtual Network?

Explanation:

Answer – D

The address space for the Virtual Network should not conflict with the address space for the on-premise network. So, in this case the ideal option to choose as the address space is 192.168.0.0/24 for the subnet in the virtual network. And then use 192.168.1.0/28 as the address space for the gateway subnet.

The Microsoft documentation mentions the following on the gateway subnet

Options A and B are incorrect since these address spaces would conflict with the on-premise address space.

Option C is incorrect since this address space should ideally be used for the subnet to host the virtual machines.

For more information on site-to-site VPN, please visit the below URL

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

Ask our Experts
View Queries
Question 8

A company has an API service that currently returns XML data to its internal users. The API is going to be migrated onto Azure. It will sit behind an API Management instance. Below are the requirements for the API when it is moved to Azure

  • The API must send data in JSON format to its internal users
  • When external consultants access the API, the header information must be stripped before the data is received

What is the minimum number of API's that need to be added to Azure API management?

Explanation:

Answer – A

Since you just have one API, you can place that behind the API management instance

Because of this reasoning all other options are incorrect

For more information on creating an API management instance, please visit the below URL

https://docs.microsoft.com/en-us/azure/api-management/get-started-create-service-instance

Ask our Experts
View Queries
Question 9

A company has an API service that currently returns XML data to its internal users. The API is going to be migrated onto Azure. It will sit behind an API Management instance. Below are the requirements for the API when it is moved to Azure

  • The API must send data in JSON format to its internal users
  • When external consultants access the API, the header information must be stripped before the data is received

What is the minimum number of products to publish in Azure API management?

Explanation:

Answer – A

You can have one product that is published for the Internal development team. The Microsoft documentation mentions the following on products for API management

Because of this reasoning all other options are incorrect

For more information on the key concepts for API Management, please visit the below URL

https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts

Ask our Experts
View Queries
Question 10

A company has an API service that currently returns XML data to its internal users. The API is going to be migrated onto Azure. It will sit behind an API Management instance. Below are the requirements for the API when it is moved to Azure

  • The API must send data in JSON format to its internal users
  • When external consultants access the API, the header information must be stripped before the data is received

What is the minimum number of policy elements that need to be added to the API?

Explanation:

Answer – B

You can have one policy element to ensure that XML data is transformed to JSON for the Internal users when it is published to Azure

Below is the policy statement given in the Microsoft documentation

And then you can have one policy element to set the header of the response, so that it is sent as per the requirement to external consultants

Below is the policy statement given in the Microsoft documentation

Because of this reasoning all other options are incorrect

For more information on API Management policies, please visit the below URL

https://docs.microsoft.com/en-us/azure/api-management/api-management-policies

Ask our Experts
View Queries
Question 11

A company currently has resources deployed to their on-premise network and to Azure AD. There is a requirement to ensure that the Azure AD tenant can only be managed from workstations on the on-premise network. Which of the following needs to be part of the implementation of this requirement?

Explanation:

Answer - B

This can be managed by conditional access policies ensuring that the Locations is set in the policy.

Since this is clear from the implementation, all other options are incorrect

For more information on conditional access, please visit the below URL

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

Ask our Experts
View Queries
Question 12

A team has an application that receives data from IoT based devices. The data is sent to CosmosDB which uses the SQL API. A notification needs to be sent when data is received from the IoT devices. Which of the following can be part of the implementation? Choose 2 answers from the options give below

Explanation:

Answer - A and C

You can use the CosmosDB connector for Azure Logic App to trigger a workflow when data is sent to CosmosDB. The Microsoft documentation mentions the following

You can use SendGrid to send emails from the Log App. The Microsoft documentation mentions the following

Options B and D are incorrect since you would need to use Azure Logic Apps to build a workflow

For more information on the connectors, please visit the below URL

https://docs.microsoft.com/en-us/connectors/documentdb/

https://docs.microsoft.com/en-us/azure/connectors/connectors-create-api-sendgrid

Ask our Experts
View Queries
Question 13

A team has created a storage account in Azure. They also have the following object available in the storage account

In order to access the Sample.txt file, which of the following must be done first?

Explanation:

Answer – B

In order to access the BLOB, since it is in the archive access tier, you need to first change the access tier for the blob object. The Microsoft documentation mentions the following

Since this is clearly mentioned in the documentation, all other options are incorrect

For more information on the storage tiers, please visit the below URL

https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

Ask our Experts
View Queries
Question 14

A team has created a storage account in Azure. They also have the following object available in the storage account

Currently the Sample.txt file will be stored

Explanation:

Answer – B

The Microsoft documentation mentions that the object will be set at a lower storage cost.

Since this is clearly mentioned in the documentation, all other options are incorrect

For more information on the storage tiers, please visit the below URL

https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

Ask our Experts
View Queries
Question 15

A company has the following on-premise data stores

  • A Microsoft SQL Server 2012 database
  • A Microsoft SQL Server 2008 database

The data needs to be migrated to Azure.

  • Requirement 1 - The data in the Microsoft SQL Server 2012 database needs to be migrated to an Azure SQL database
  • Requirement 2 - The data in a table in the Microsoft SQL Server 2008 database needs to be migrated to an Azure CosmosDB account that uses the SQL API

Which of the following should be used to accomplish Requirement1?

Explanation:

Answer – D

The Data Migration assistant can be used to migrate the data. It has support for various versions of Microsoft SQL Server as shown below

Option A is incorrect since this works with data in Azure storage accounts

Option B is incorrect since this is used for migration of data to CosmosDB

Option C is incorrect since this is used for building a gateway with the on-premise infrastructure

For more information on the data migration assistant, please visit the below URL

https://docs.microsoft.com/en-us/sql/dma/dma-overview?view=sql-server-2017

Ask our Experts
View Queries
Question 16

A company has the following on-premise data stores

  • A Microsoft SQL Server 2012 database
  • A Microsoft SQL Server 2008 database

The data needs to be migrated to Azure.

  • Requirement 1 - The data in the Microsoft SQL Server 2012 database needs to be migrated to an Azure SQL database
  • Requirement 2 - The data in a table in the Microsoft SQL Server 2008 database needs to be migrated to an Azure CosmosDB account that uses the SQL API

Which of the following should be used to accomplish Requirement2?

Explanation:

Answer – B

This tool can be used for migrating data onto CosmosDB. The Microsoft documentation mentions the following

Option A is incorrect since this works with data in Azure storage accounts

Option C is incorrect since this is used for building a gateway with the on-premise infrastructure

Option D is incorrect since this tool does not have support for CosmosDB

For more information on importing data into CosmoDB, please visit the below URL

https://docs.microsoft.com/en-us/azure/cosmos-db/import-data

Ask our Experts
View Queries
Question 17

Your team is planning on hosting an application that will be hosted on 2 virtual machines in Azure named demovm1 and demovm2. You have to load balance the traffic from the Internet to the Virtual Machines using one Azure Load balancer.

You need to recommend the minimum number of Public IP addresses that would be required

What is the minimum number of Public IP addresses that would be required for the Load Balancer?

Explanation:

Answer – B

You would just need one Public IP address assigned to the Load Balancer. If you look at the example give in the Microsoft documentation on the public load balancer, you can see that the request comes from the clients to the public IP and port of the load balancer

Since this is a clear concept of the Load balancer, all other options are incorrect

For more information on the concepts of the load balancer, please visit the below URL

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

Ask our Experts
View Queries
Question 18

Your team is planning on hosting an application that will be hosted on 2 virtual machines in Azure named demovm1 and demovm2. You have to load balance the traffic from the Internet to the Virtual Machines using one Azure Load balancer.

You need to recommend the minimum number of Public IP addresses that would be required

What is the minimum number of Public IP addresses that would be required for demovm1?

Explanation:

Answer – A

When the request is directed from the load balancer to the back end virtual machine, it is made to the Private IP address of the backend virtual machine. This is why you don’t need to have a public IP address assigned to the Virtual Machine. This is also given in the Microsoft documentation

Since this is a clear concept of the Load balancer, all other options are incorrect

For more information on the concepts of the load balancer, please visit the below URL

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

Ask our Experts
View Queries
Question 19

Your team is planning on hosting an application that will be hosted on 2 virtual machines in Azure named demovm1 and demovm2. You have to load balance the traffic from the Internet to the Virtual Machines using one Azure Load balancer.

You need to recommend the minimum number of Public IP addresses that would be required

What is the minimum number of Public IP addresses that would be required for demovm2?

Explanation:

Answer – A

When the request is directed from the load balancer to the back end virtual machine, it is made to the Private IP address of the backend virtual machine. This is why you don’t need to have a public IP address assigned to the Virtual Machine. This is also given in the Microsoft documentation

Since this is a clear concept of the Load balancer, all other options are incorrect

For more information on the concepts of the load balancer, please visit the below URL

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

Ask our Experts
View Queries
Question 20

A company wants to run a series of tasks using the Azure Batch service. They have the following key requirements

  • Large-scale parallel execution of Azure Batch jobs.
  • Minimize costs to run the solution

Which of the following would you consider implementing for the Virtual Machines for running the Batch jobs?

Explanation:

Answer – C

The Azure Batch service already gives you the capability of running processes in parallel. If you want to ensure minimum costs for your solution, then you can consider using low priority nodes.

Option A is incorrect since this is not supported as per the Microsoft documentation as given below

Option B is incorrect since this is used if you have tightly coupled workloads that need to run on the Azure Batch service.

Option D is incorrect since this is used if you have unpredictable workloads to run in Azure.,

For more information on an example of using the Azure Batch service, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/batch/tutorial-parallel-dotnet

Ask our Experts
View Queries
Question 21

A company has deployed several applications to Azure based virtual machines. These virtual machines need to be managed by a set of administrators by using point-to-site VPN connections. The certificates for the connections will be generated by an on-premise certification authority.

You need to provide recommendations on what certificates are required for the deployment

Which of the following needs to be setup on the Personal certificate store on each laptop?

Explanation:

Correct Answer: C

Explanation:
At Server: need to install "Root Certificate having public Key" normally *.crt file
At Client Computer: need to install "Client Certificate having Private key"

Point-to-Site certificate authentication connections require the following prerequisites:

  • A Dynamic VPN gateway.
  • The public key (.cer file) for a root certificate, which is uploaded to Azure. This key is considered a trusted certificate and is used for authentication
  • A client certificate generated from the root certificate, and installed on each client computer that will connect. This certificate is used for client authentication
  • A VPN client configuration package must be generated and installed on every client computer that connects. The client configuration package configures the native VPN client that's already on the operating system with the necessary information to connect to the VNet

Point-to-Site connections don't require a VPN device or an on-premises public-facing IP address. The VPN connection is created over SSTP (Secure Socket Tunneling Protocol). On the server side, we support SSTP versions 1.0, 1.1, and 1.2. The client decides which version to use. For Windows 8.1 and above, SSTP uses 1.2 by defaul

 

Detail explanation at https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

Ask our Experts
View Queries
Question 22

A company has deployed several applications to Azure based virtual machines. These virtual machines need to be managed by a set of administrators by using point-to-site VPN connections. The certificates for the connections will be generated by an on-premise certification authority.

You need to provide recommendations on what certificates are required for the deployment

Which of the following needs to be setup on the Computer Personal store on each laptop?

Explanation:

Answer – C

The user’s personal store will have the user certificate that has the private key.

For more information on point to site connections, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal

Ask our Experts
View Queries
Question 23

A company has deployed several applications to Azure based virtual machines. These virtual machines need to be managed by a set of administrators by using point-to-site VPN connections. The certificates for the connections will be generated by an on-premise certification authority.

You need to provide recommendations on what certificates are required for the deployment

Which of the following needs to be setup in the Azure VPN gateway?

Explanation:

Answer – B

This is mentioned in the Microsoft documentation as one of the steps in setting up a point to site connection.

Since this is clearly mentioned, all other options are incorrect

For more information on point to site connections, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal

Ask our Experts
View Queries
Question 24

A company has deployed several applications across Windows and Linux Virtual machines in Azure. Log Analytics are being used to send the required data for alerting purposes for the Virtual Machines.

You need to recommend which tables need to be queried for security related queries.

Which of the following would you query for events from Windows Event Logs?

Explanation:

Answer – C

This is also given in the Microsoft documentation, wherein you would use the Event Table for the queries on events from Windows Virtual machines

Since this is clearly mentioned, all other options are incorrect

For more information on collecting event data from windows virtual machines, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events

Ask our Experts
View Queries
Question 25

A company has deployed several applications across Windows and Linux Virtual machines in Azure. Log Analytics are being used to send the required data for alerting purposes for the Virtual Machines.

You need to recommend which tables need to be queried for security related queries.

Which of the following would you query for events from Linux system logging?

Explanation:

Answer – D

This is also given in the Microsoft documentation, wherein you would use the Syslog Table for the queries on events from Linux Virtual machines

Since this is clearly mentioned, all other options are incorrect

For more information on collecting event data from linux virtual machines, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-syslog

Ask our Experts
View Queries
Question 26

Your company needs to generate a monthly report to determine the what, who, and when for any write operations on all resources that were deployed to the Azure subscription. Which of the following would help achieve this requirement?

Explanation:

Answer – B

You can actually go to the

1) Activity Logs section in Azure Monitor

2) Choose the timespan for the time period required

3) Download the report as CSV

Since this is clear from the implementation, all other options are incorrect

For more information on Activity logs, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-logs-overview

Ask our Experts
View Queries
Question 27

A company is planning on deploying an application onto Azure. The application will be based on the .Net core programming language. The application would be hosted using Azure Web apps. Below is part of the various requirements for the application

  • Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data
  • Give the ability to visualize the relationships between application components
  • Give the ability to track requests and exceptions to specific lines of code from within the application
  • Give the ability to actually analyse how uses return to an application and see how often they only select a particular drop-down value

Which of the following service would be best suited for fulfilling the requirement of

“Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data”

Explanation:

Answer – C

You can send data about the application and resource usage to Azure Log Analytics. You can then build queries on the stored data.

For more information on Azure Log Analytics, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-viewdata

Ask our Experts
View Queries
Question 28

A company is planning on deploying an application onto Azure. The application will be based on the .Net core programming language. The application would be hosted using Azure Web apps. Below is part of the various requirements for the application

  • Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data
  • Give the ability to visualize the relationships between application components
  • Give the ability to track requests and exceptions to specific lines of code from within the application
  • Give the ability to actually analyse how uses return to an application and see how often they only select a particular drop-down value

Which of the following service would be best suited for fulfilling the requirement of

“Give the ability to visualize the relationships between application components”

Explanation:

Answer – A

question is talking about "application would be hosted using Azure Web apps"

Means PaaS service.

A. Azure Application Insights

         This can be applied to PaaS and hence correct answer

https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
B. Azure Service Map

       This can be applied to IaaS. Our requirement is for Web App which is not IaaS

Microsoft Azure introducted a new service called Service Map, which is a tool that enables us to map all communication flow to and from a monitored server.

https://docs.microsoft.com/en-us/azure/azure-monitor/insights/service-map

C. Azure Log Analytics

      This is good for Analysis of Logs of the component bit not for ability to visualize.

https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal
D. Azure Activity Log

       Activity Log is storing the data what activity done in Azure Portal or by CLI or PowerShell on a particular Service. Hence this is wrong

Ask our Experts
View Queries
Question 29

A company is planning on deploying an application onto Azure. The application will be based on the .Net core programming language. The application would be hosted using Azure Web apps. Below is part of the various requirements for the application

  • Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data
  • Give the ability to visualize the relationships between application components
  • Give the ability to track requests and exceptions to specific lines of code from within the application
  • Give the ability to actually analyse how uses return to an application and see how often they only select a particular drop-down value

Which of the following service would be best suited for fulfilling the requirement of

“Give the ability to track requests and exceptions to specific lines of code from within the application”

Explanation:

Answer – A

This feature is part of the Application Insights tool. An example of this is given in the Microsoft documentation

You can use the CodeLens feature in Application Insights to get a deep dive look into exceptions at the code level. An example from the Microsoft documentation is given below

Since this is clearly mentioned in the documentation, all other options are incorrect

For more information on the CodeLens feature, please visit the below URL

https://docs.microsoft.com/en-us/azure/azure-monitor/app/visual-studio-codelens

Ask our Experts
View Queries
Question 30

A company is planning on deploying an application onto Azure. The application will be based on the .Net core programming language. The application would be hosted using Azure Web apps. Below is part of the various requirements for the application

  • Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data
  • Give the ability to visualize the relationships between application components
  • Give the ability to track requests and exceptions to specific lines of code from within the application
  • Give the ability to actually analyse how uses return to an application and see how often they only select a particular drop-down value

Which of the following service would be best suited for fulfilling the requirement of

“Give the ability to actually analyse how uses return to an application and see how often they only select a particular drop-down value”

Explanation:

Answer – A

This feature is part of the Application Insights tool. An example of this is given in the Microsoft documentation

Since this is clearly mentioned in the documentation, all other options are incorrect

For more information on the retention feature of Application Insights, please visit the below URL

https://docs.microsoft.com/en-us/azure/azure-monitor/app/usage-retention

Ask our Experts
View Queries
Question 31

A company is setting up the required privileges for users in their Azure AD tenant. They need to assign a group of users with the below mentioned privileges

  • The users should be able to manage virtual networks
  • They should not be allowed to manage role assignments

You need to ensure the right role is assigned based on the least privilege access.

You decide to provide the Owner role to the group

Would this fulfil the requirement?

Explanation:

Answer – B

This would also allow the users to have the ability to manage all resources and this would provide too many privileges. Below is a snippet from the Microsoft documentation on the permissions for the role

For more information on in-built roles, please visit the below URL

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Ask our Experts
View Queries
Question 32

A company is setting up the required privileges for users in their Azure AD tenant. They need to assign a group of users with the below mentioned privileges

  • The users should only be able to manage virtual networks
  • They should not be allowed to manage role assignments

You need to ensure the right role is assigned based on the least privilege access.

You decide to provide the Contributor role to the group

Would this fulfil the requirement?

Explanation:

Answer - B

This would also allow the users to have the ability to manage all resources and this would provide too many privileges. Below is a snippet from the Microsoft documentation on the permissions for the role

For more information on in-built roles, please visit the below URL

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Ask our Experts
View Queries
Question 33

A company is setting up the required privileges for users in their Azure AD tenant. They need to assign a group of users with the below mentioned privileges

  • The users should be able to manage virtual networks
  • They should not be allowed to manage role assignments

You need to ensure the right role is assigned based on the least privilege access.

You decide to provide the Network Contributor role to the group

Would this fulfil the requirement?

Explanation:

Answer – A

Yes, this is the ideal role which allows users to manage virtual networks but does not give them the access to manage role assignments. Below is a snippet from the Microsoft documentation on the permissions for the role

For more information on in-built roles, please visit the below URL

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Ask our Experts
View Queries
Question 34

A company is planning to migrate an on-premise application to Azure. One component of the application is a windows native application that would be used to perform image processing. It needs to be ensured that when the component is not running, no Azure compute resources are consumed. You need to also ensure that the image processing application runs every hour.

You decide to use Azure Web Jobs for the implementation

Would this fulfil the requirement?

Explanation:

Answer - B

Azure Web jobs are used along with Azure Web Apps for performing background tasks. Here there is no mention of the application being a web application, so using Azure Web job would not be practical.

For more information on Azure Web Jobs, please visit the below URL

https://docs.microsoft.com/en-us/azure/app-service/webjobs-create

Ask our Experts
View Queries
Question 35

A company is planning to migrate an on-premise application to Azure. One component of the application is a windows native application that would be used to perform image processing. It needs to be ensured that when the component is not running, no Azure compute resources are consumed. You need to also ensure that the image processing application runs every hour.

You decide to use Azure Functions for the implementation

Would this fulfil the requirement?

Explanation:

Answer – A

This would fulfil the requirement. So Azure Functions can run as part of the Consumption plan wherein they only consume resources when they are run.

For more information on Azure Functions, please visit the below URL

https://docs.microsoft.com/en-us/azure/azure-functions/functions-overview

Ask our Experts
View Queries
Question 36

A company is planning to migrate an on-premise application to Azure. One component of the application is a windows native application that would be used to perform image processing. It needs to be ensured that when the component is not running, no Azure compute resources are consumed. You need to also ensure that the image processing application runs every hour.

You decide to use Azure Logic App for the implementation

Would this fulfil the requirement?

Explanation:

Answer – B

Azure Logic Apps does perform the task, provided if recurrence triggres is used.  Since, it's not mentioned in the question the answer is No..

For more information on Azure Logic Apps, please visit the below URL

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview

Note - We can run recurring automated tasks, processes and workflows with Azure Logic Apps on a schedule by creating a logic app workflow that starts with a built-in Recurrence triggre or Sliding Window triggre.  Refer the link to know further.

https://docs.microsoft.com/en-us/azure/logic-apps/concepts-schedule-automated-recurring-tasks-workflows

Ask our Experts
View Queries
Question 37

A company currently has a Web application deployed in classic ASP. The application makes use of third-party DLL's. The deployment process for the application is too prone to errors and scaling and high availability are always issues.

You need to devise an approach to modernize the application that could be deployed to Azure and also ensure deployment and administrative overheads are reduced.

Which of the following would you use as the Modernization approach?

Explanation:

Answer – D

The ideal approach for modernization of applications is to use Containers. And then to run in the cloud, you can use Azure Container Services. The Microsoft documentation mentions the following on Azure Container Instances

Option A is incorrect since this is more of a workflow-based service

Option B is incorrect since is a compute service that ideally should not run web-based applications

Option C is incorrect since this just ports the application but does not present a modern approach to application design

For more information on Azure Container instances, please visit the below URL

https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview

Ask our Experts
View Queries
Question 38

A company currently has a Web application deployed in classic ASP. The application makes use of third-party DLL's. The deployment process for the application is to prone to errors and scaling and high availability are always issues.

You need to devise an approach to modernize the application that could be deployed to Azure and also ensure deployment and administrative overheads are reduced.

Which of the following would you recommend as the deployment approach?

Explanation:

Answer – C

You should package your application into containers which can then be deployed onto Azure

For more information on an example of building a container image, please visit the below URL

https://docs.microsoft.com/en-us/azure/container-instances/container-instances-tutorial-prepare-app

Ask our Experts
View Queries
Question 39

A team needs to deploy an application onto Azure. The application will be used to perform intensive and long compute calculations. You need to deploy the solution to Azure. Below are the key requirements

  • Ensure every compute node can communicate with each other
  • Maximize the number of nodes to perform the computations faster
  • Least amount of effort to implement the entire solution

Which of the following would you use as the service for hosting the solution?

Explanation:

Answer – D

The ideal solution to use for this is the Azure Batch Service. The Microsoft documentation mentions the following

Options A and B are incorrect since these are load balancing solutions

Option C is incorrect since this should be used for applications that need to scale on demand

For more information on the Azure Batch service, please visit the below URL

https://docs.microsoft.com/en-us/azure/batch/batch-technical-overview

Ask our Experts
View Queries
Question 40

A team needs to deploy an application onto Azure. The application will be used to perform intensive and long compute calculations. You need to deploy the solution to Azure. Below are the key requirements

  • Ensure every compute node can communicate with each other
  • Maximize the number of nodes to perform the computations faster
  • Least amount of effort to implement the entire solution

Which of the following would you implement within the service?

Explanation:

Answer – B

Since we are going to be using the Azure Batch Service to run the workloads, we need to ensure the tasks run in parallel. The Microsoft documentation mentions the following

Since this is the only ideal approach, all other options are incorrect

For more information on the Azure Batch service, please visit the below URL

https://docs.microsoft.com/en-us/azure/batch/batch-technical-overview

Ask our Experts
View Queries
Question 41

The IT Security department has the requirement to ensure they get notified if there are any changes made to the configuration of the underlying Virtual Machines. A workflow needs to be designed for this requirement. Which of the following would you use for this purpose?

Explanation:

Answer – C

If you are looking at creating workflows, then you have to use Azure Logic Apps

The Microsoft documentation additionally mentions the following

Azure Logic Apps is a cloud service that helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) communication, whether in the cloud, on premises, or both.

Option A is incorrect since this is used for notifications

Option B is incorrect since this is used for listening to events emitted by Azure resources

Option D is incorrect since this is used to work with Azure queues and topics

For more information on Azure Logic Apps, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview

Ask our Experts
View Queries
Question 42

Which of the following service would you use to fulfil the below case study requirement

“The Virtual Machines need to have a central location for storage of files. They would connect to these file shares using SMB”

Explanation:

Answer – C

You would use the Azure File service which can be used to work with shares via the SMB protocol

Option A is incorrect since this is used for Object level storage

Option B is incorrect since this is used for backup and recovery purposes

Option D is incorrect since this is used for hosting tables in Azure

For more information on Azure Files, please go ahead and visit the below URL

https://azure.microsoft.com/en-us/services/storage/files/

Ask our Experts
View Queries
Question 43

You need to comply with the below case study requirement

“There should be an encrypted connection between the On-premise data centre and the Virtual Network whizlabs-net2”

You decide to provision a point to site VPN connection

Would this fulfil the requirement?

Explanation:

Answer – B

Point to site connections are used when you want to connect to an Azure Virtual Network from workstation PC’s

For more information on point to site VPN connections, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal

Ask our Experts
View Queries
Question 44

You need to comply with the below case study requirement

“There should be an encrypted connection between the On-premise data centre and the Virtual Network whizlabs-net2”

You decide to implement Virtual Network Peering

Would this fulfil the requirement?

Explanation:

Answer – B

Virtual Network peering is used to connect multiple virtual networks together

For more information on Virtual Network Peering, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

Ask our Experts
View Queries
Question 45

You need to comply with the below case study requirement

“There should be an encrypted connection between the On-premise data centre and the Virtual Network whizlabs-net2”

You decide to implement a site-to-site VPN Connection.

Would this fulfil the requirement?

Explanation:

Answer – A

This is the ideal and correct way to connect an Azure Virtual Network with an on-premise data center. The Microsoft documentation mentions the following

For more information on site to site VPN connections, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

Ask our Experts
View Queries
Question 46

You need to decide on the implementation strategy for the synchronization of user passwords between the on-premise AD and the Azure AD tenant. You need to ensure that the sign-in is completely managed in the cloud. The company currently does not have the need to apply any policies from their on-premise AD for the authentication process. Which of the following would you consider for the configuration of the synchronization?

Explanation:

Answer – A

A clear diagram on the decision for the type of synchronization to choose is given in the Microsoft documentation as shown below

Based on the decision tree we have to choose “Password Hash Sync” as the option and hence all other options are incorrect

For more information on choosing the right authentication mechanism, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

Ask our Experts
View Queries
Question 47

A company is developing an application that will be hosted using the Azure Kubernetes Service. The application modules need to transmit files to a destination location and must make use of an encryption key for the encryption of the files before transmission. Which of the following will be used for managing the storage of the encryption keys?

Explanation:

Answer – A

In order to store encryption keys in this scenario, we work with Azure Key Vault.
- Keys are stored in a vault and invoked by URI when needed.
- Keys are safeguarded by Azure, using industry standard algorithims, key lengths, and hardware security modules.
- Keys are processed in HSMs that reside in the same Azure datacenters as the applications.
 To know how, do refer the following link.
 https://github.com/Azure/acs-engine/blob/master/docs/kubernetes/features.md#azure-key-vault-data-encryption

Ask our Experts
View Queries
Question 48

A company is planning on deploying a stateless based application based on microservices using the Azure Service Fabric service. You need to design the infrastructure that would be required in the Azure Service Fabric service. Which of the following should you consider? Choose 2 answers from the applications given below

Explanation:

Answer – A and B

The Microsoft documentation specifies what are the Service Fabric cluster capacity planning considerations

Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect

For more information on the cluster capacity for Azure Service Fabric, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-capacity

Ask our Experts
View Queries
Question 49

A company currently has the following systems running on their on-premise environment

  • An ASP.Net application running on Internet Information Services
  • A MongoDB database

The company wants to migrate the systems onto Azure. They want to ensure to use managed services to reduce the administrative overhead. They want to minimize the time for migration as well and also reduce costs wherever possible.

Which of the following Azure service would you use for the ASP.Net application?

Explanation:

Answer – C

The ideal service to use is the Azure Web App in the Azure App Service. The Microsoft documentation mentions the following

Options A and D are incorrect since these would less cost effective and not a managed service

Option B is incorrect since this is used for running small pieces of code or functions on Azure cloud

For more information on the Azure App service, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/app-service/overview

Ask our Experts
View Queries
Question 50

A company currently has the following systems running on their on-premise environment

  • An ASP.Net application running on Internet Information Services
  • A MongoDB database

The company wants to migrate the systems onto Azure. They want to ensure to use managed services to reduce the administrative overhead. They want to minimize the time for migration as well and also reduce costs wherever possible.

Which of the following Azure service would you use for the MongoDB database?

Explanation:

Answer – A

You can use the MongoDB API which is available as part of CosmosDB

The Microsoft documentation mentions the following

Options B and D are incorrect since these are SQL based data stores

Option C is incorrect since this would less cost effective and not a managed service

For more information on CosmosDB and the MongoDB API, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/cosmos-db/mongodb-introduction

Ask our Experts
View Queries
Question 51

A company needs to create a storage account as shown below

The storage account must meet the following requirements

  • Ensure that the documents can be stored in the storage account
  • The documents must be made accessible via drive mappings from Azure virtual machines that run Windows Server 2016.
  • Provide the highest possible redundancy for the documents.
  • Minimize storage access costs.

Objective - Design an infrastructure strategy

Which of the following would you choose for the performance of the Storage account?

Explanation:

Answer – A

You have to use the Standard performance tier. The premium tier only allows storage of Page BLOB’s.

In the below diagram you can see that if we choose Premium as the Performance option, we will have no option for files shares. And that is the main requirement. File shares allow to have drive mappings from Azure Virtual Machines.

Since this is clear from the implementation, all other options are incorrect

For more information on Azure storage accounts, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

Ask our Experts
View Queries
Question 52

A company needs to create a storage account as shown below

The storage account must meet the following requirements

  • Ensure that the documents can be stored in the storage account
  • The documents must be made accessible via drive mappings from Azure virtual machines that run Windows Server 2016.
  • Provide the highest possible redundancy for the documents.
  • Minimize storage access costs.

Which of the following would you choose for the Account kind?

Explanation:

Answer – B

If you need to use a storage account to host file shares, the consider General Purpose v2 which has support for Page BLOB’s. Microsoft recommends this storage account kind which has more features than General Purpose v2.

In the Azure portal, you would configure this as shown below

 

Since this is clear from the implementation, all other options are incorrect

For more information on Azure storage accounts, please go ahead and visit the below URL

Ask our Experts
View Queries
Question 53

A company needs to create a storage account as shown below

The storage account must meet the following requirements

  • Ensure that the documents can be stored in the storage account
  • The documents must be made accessible via drive mappings from Azure virtual machines that run Windows Server 2016.
  • Provide the highest possible redundancy for the documents.
  • Minimize storage access costs.

Which of the following would you choose for the replication?

Explanation:

Answer – C

Please refer to
https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction#redundancy

Redundancy

In order to ensure that your data is durable, Azure Storage replicates multiple copies of your data. When you set up your storage account, you select a redundancy option.
Replication options for a storage account include:


Means redundancy of RA-GRS and GRS: both has same but availability of data is more in RA-GRS than GRS.
in GRS, in case of region failure, data is unavailable till Microsoft trigger failover 
but in case of RA-GRS: Data for read-only, is available from secondary region all the time

Since question is also talking about "Minimize cost and as we know cost of GRS is comparatively lower than RA-GRS.

Now please refer to

?

Ask our Experts
View Queries
Question 54

A testing team needs to create resources in an Azure subscription.

These resources will be pertinent to applications that ned to be tested in Azure. These applications will make use of shared resources and application specific resources.

You have to create a deployment solution that meets the following requirements

  • Minimize the administrative effort for the testing team to create the application environment
  • Ensure that the application environment can be created consistency multiple times
  • When the testing of the application is complete, all resources except for the shared resources should be deleted

Which of the following should be used to implement this requirement?

Explanation:

Answer – A

The ideal solution is to use Template deployment. Below is why Microsoft recommends a template deployment.

Also ensure separate resource group deployments. So, when the application needs to be deleted, you can just delete the resource group, so that all resources in the resource group get deleted.

Option B is incorrect since you should deploy shared resources and application specific resources to separate resources groups

Options C and D are incorrect since you should use JSON based templates for deployment

For more information on Resources Groups, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview

Ask our Experts
View Queries
Question 55

A company currently has an Azure account and subscription. They want to host an application using Virtual Machines and a load balancer. There is a requirement to ensure that the application is made available 99.99% of the time. Which of the following would need to be in place? You also have to minimize costs associated with the solution. Choose 2 answers from the options given below

Explanation:

Answer – B and C

This is clearly mentioned in the Microsoft documentation

Since this is clearly given in the Microsoft documentation, all other options are incorrect

For more information on the SLA for the Load balancer, please go to the below URL

https://azure.microsoft.com/en-us/support/legal/sla/load-balancer/v1_0/

Ask our Experts
View Queries